Hi Scotty,
Here are the logs
COMBOFIX LOG
ComboFix 08-04-04.1 - X 2008-04-06 10:09:30.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.173 [GMT -4:00]
Running from: C:\Documents and Settings\X\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\X\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\i0.cmd
C:\WINDOWS\system32\tavo0.dll
C:\WINDOWS\WMSysPr9.prx
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\i0.cmd
C:\WINDOWS\system32\tavo0.dll
C:\WINDOWS\WMSysPr9.prx
.
((((((((((((((((((((((((( Files Created from 2008-03-06 to 2008-04-06 )))))))))))))))))))))))))))))))
.
2008-04-03 17:25 . 2008-04-03 17:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-03 17:25 . 2008-04-03 17:25 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-03 17:24 . 2008-04-03 17:24 <DIR> d-------- C:\Documents and Settings\X\Application Data\Apple Computer
2008-04-03 17:22 . 2008-04-03 18:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-03 17:21 . 2008-04-03 18:11 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-04-02 22:41 . 2006-08-21 05:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-04-02 22:41 . 2006-08-21 05:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-04-02 22:41 . 2006-08-21 08:21 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-04-02 21:36 . 2007-07-09 09:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-04-02 20:58 . 2007-07-30 20:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-02 20:58 . 2007-07-30 20:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-02 20:05 . 2008-04-02 22:42 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-04-02 18:48 . 2004-08-04 02:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-04-02 18:13 . 2008-04-02 18:13 376 --a------ C:\WINDOWS\ODBC.INI
2008-04-02 18:11 . 2008-04-02 18:11 <DIR> d-------- C:\WINDOWS\ShellNew
2008-04-02 18:09 . 2008-04-02 18:09 <DIR> d-------- C:\Documents and Settings\X\Application Data\Microsoft Web Folders
2008-04-02 17:51 . 2004-08-04 02:07 59,264 --a------ C:\WINDOWS\system32\drivers\usbaudio.sys
2008-04-02 17:51 . 2004-08-04 02:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-04-02 17:51 . 2004-08-04 02:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-02 17:51 . 2004-08-04 03:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-04-02 17:51 . 2001-08-17 17:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-04-02 16:55 . 2008-02-16 01:07 138,384 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-04-02 16:55 . 2008-02-16 01:07 52,496 --a------ C:\WINDOWS\system32\drivers\tmactmon.sys
2008-04-02 16:55 . 2008-02-16 01:07 52,240 --a------ C:\WINDOWS\system32\drivers\tmevtmgr.sys
2008-04-02 16:54 . 2008-04-02 16:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-04-02 16:43 . 2003-02-28 19:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2008-04-02 16:29 . 2008-04-02 16:29 <DIR> d-------- C:\WINDOWS\provisioning
2008-04-02 16:29 . 2008-04-02 16:29 <DIR> d-------- C:\WINDOWS\peernet
2008-04-02 16:26 . 2008-04-02 16:26 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-04-02 16:22 . 2005-06-28 11:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-04-02 16:19 . 2008-04-02 16:19 <DIR> d-------- C:\WINDOWS\EHome
2008-04-02 16:13 . 2004-08-04 01:56 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2008-04-02 16:13 . 2004-08-02 15:20 7,208 --------- C:\WINDOWS\system32\secupd.sig
2008-04-02 16:13 . 2004-08-02 15:20 4,569 --------- C:\WINDOWS\system32\secupd.dat
2008-04-02 16:00 . 2008-04-02 16:00 <DIR> d-------- C:\WINDOWS\system32\bits
2008-04-02 15:59 . 2008-04-02 15:59 <DIR> d-------- C:\Documents and Settings\X\Application Data\acccore
2008-04-02 15:59 . 2004-08-04 03:56 438,784 --------- C:\WINDOWS\system32\xpob2res.dll
2008-04-02 15:59 . 2004-08-04 03:56 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2008-04-02 15:59 . 2004-08-04 03:56 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-04-02 15:59 . 2004-08-04 03:56 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2008-04-02 15:59 . 2004-08-04 03:56 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2008-04-02 15:59 . 2008-04-02 15:59 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-02 15:58 . 2008-04-02 15:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-04-02 15:58 . 2008-04-02 15:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-04-02 15:57 . 2008-04-02 15:57 <DIR> d-------- C:\Program Files\Common Files\AOL
2008-04-02 14:57 . 2008-04-02 15:59 <DIR> d-------- C:\Program Files\AIM6
2008-04-02 14:57 . 2008-04-02 14:57 <DIR> d---s---- C:\Documents and Settings\X\UserData
2008-04-02 14:56 . 2008-04-02 14:56 <DIR> d-------- C:\Program Files\Samsung ML-2010 Series
2008-04-02 14:56 . 2005-03-14 01:01 766 --------- C:\WINDOWS\Uninstall.ico
2008-04-02 14:55 . 2008-04-02 14:56 <DIR> d-------- C:\WINDOWS\Samsung
2008-04-02 14:55 . 2005-03-14 01:01 208,896 --------- C:\WINDOWS\system32\SSRemove.exe
2008-04-02 14:55 . 2005-03-03 00:32 151,552 --a------ C:\WINDOWS\system32\SSCoInst.exe
2008-04-02 14:55 . 2005-03-03 06:09 57,344 --a------ C:\WINDOWS\system32\SSCoInst.dll
2008-04-02 14:55 . 2005-03-14 01:01 41,984 --------- C:\WINDOWS\system32\drivers\DGIVECP.SYS
2008-04-02 14:55 . 2005-04-07 22:29 20,622 --a------ C:\WINDOWS\system32\SUGS2LMK.DLL
2008-04-02 14:55 . 2005-03-14 01:01 8,478 --------- C:\WINDOWS\system32\SP119.ICO
2008-04-02 14:55 . 2005-03-03 07:23 604 --a------ C:\WINDOWS\system32\SUGS2LMK.SMT
2008-04-02 14:53 . 2008-04-02 14:53 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-04-02 14:53 . 2002-08-03 12:17 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2008-04-02 14:53 . 2002-08-03 12:17 <DIR> d-------- C:\Documents and Settings\X\WINDOWS
2008-04-02 14:53 . 2002-08-15 13:32 <DIR> d-------- C:\Documents and Settings\X\Application Data\Sony Corporation
2008-04-02 14:53 . 2002-08-15 13:30 <DIR> d-------- C:\Documents and Settings\X\Application Data\InterTrust
2008-04-02 14:53 . 2002-08-03 12:17 <DIR> d-------- C:\Documents and Settings\Default User\WINDOWS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-03 22:05 --------- d-----w C:\Program Files\QuickTime
2008-04-03 00:08 --------- d-----w C:\Program Files\Trend Micro
2008-04-02 22:09 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-02 18:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-16 05:07 65,936 ----a-w C:\WINDOWS\system32\drivers\tmtdi.sys
2008-02-16 05:07 35,856 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
2008-02-16 05:07 202,768 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys
2008-02-16 05:07 1,126,072 ----a-w C:\WINDOWS\system32\drivers\vsapint.sys
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\Documents and Settings\Default User\WINDOWS ----
---- Directory of C:\WINDOWS\system32\config\systemprofile\WINDOWS ----
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"Aim6"="" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" []
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-04-26 20:17 102400]
"SiS Tray"="" []
"SiS KHooker"="C:\WINDOWS\System32\khooker.exe" [ ]
"LTSMMSG"="LTSMMSG.exe" [2002-07-20 12:22 32768 C:\WINDOWS\LTSMMSG.exe]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-07-03 20:17 40960]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe" [2002-08-15 13:44 146432]
"ZTgServerSwitch"="c:\program files\support.com\client\lserver\server.vbs" [2002-07-14 15:50 11406]
"Samsung Common SM"="C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" [2005-07-03 03:20 372736]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-02-26 15:19 1398024]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-03-21 21:00:00 65588]
VAIO Action Setup (Server).lnk - C:\Program Files\Sony\VAIO Action Setup\VAServ.exe [2002-08-15 13:26:39 40960]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo8"= VfWWDM32.dll
"VIDC.dvsd"= C:\PROGRA~1\COMMON~1\SONYSH~1\DVLib\sonydv.dll
"VIDC.MJPG"= sonymjpg.dll
"msacm.atrac3"= atrac3.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"=
R3 LucentSoftModem;Lucent Technologies Soft Modem;C:\WINDOWS\system32\DRIVERS\LTSM.sys [2002-07-20 12:22]
.
Contents of the 'Scheduled Tasks' folder
"2008-04-02 18:53:13 C:\WINDOWS\Tasks\Registration reminder 1.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2008-04-02 18:53:14 C:\WINDOWS\Tasks\Registration reminder 2.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2008-04-02 18:53:14 C:\WINDOWS\Tasks\Registration reminder 3.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-04-06 10:15:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\WINDOWS\System32\WScript.exe
c:\progra~1\Support.com\client\bin\tgcmd.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-04-06 10:21:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-06 14:21:12
ComboFix2.txt 2008-04-04 21:16:24
Pre-Run: 11,833,360,384 bytes free
Post-Run: 11,824,472,064 bytes free
.
2008-04-03 02:48:08 --- E O F ---
HIJACK THIS LOG
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:47 AM, on 4/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\WINDOWS\system32\wuauclt.exe
c:\progra~1\Support.com\client\bin\tgcmd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\adobe\acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CheckHO Class - {576EB0AD-6980-11D5-A9CD-0001032FEE17} - C:\Program Files\Yahoo!\Common\ycheckh.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://www.update.mi...b?1207162649530
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://www.update.mi...b?1207162641873
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) -
http://www.trendsecu...asyInstallX.CAB
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
--
End of file - 5591 bytes